BinSoft mpGabinet Client-Side Authentication Bypass Vulnerability Allowing Arbitrary User Login

Vulnerability

A vulnerability exists in BinSoft mpGabinet versions through 23.12.19 that allows client-side authentication to be bypassed. An attacker with access to any application instance connected to the backend server can manipulate the application binary to circumvent the login verification process and authenticate as any user. This issue arises from the application's reliance on client-side authentication, which can be exploited by modifying the application binary to bypass login checks.

Impact

Exploitation of this vulnerability allows for unauthorized authentication, enabling an attacker to log in as any user on the affected application instance.

Added: Apr 28, 2026, 2:21 PM

Updated: Apr 28, 2026, 2:21 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.3

exploitability

3.3

remediation

0.0

relevance

6.9

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.3

exploitability

3.3

remediation

0.0

relevance

6.9

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

BinSoft mpGabinet Client-Side Authentication Bypass Vulnerability Allowing Arbitrary User Login

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating